Beyond Borders: Corruption Risk in Today s s Global Marketplace Dallas-Fort Worth Joint IIA Chapter Meeting May 14, 2009
Today s s Discussion Topics Common fraud scenarios Foreign Corrupt Practices Act ( FCPA ) and other conventions Foreign officials Internal controls that mitigate corruption risk FCPA compliance audits Risk / control evaluation activities 1 2009 Protiviti S.r.l. Confidential
What s s the Risk? Where Is It? Inappropriate stock transfers Skimming Fictitious Sales Tax Schemes IP Theft Payroll schemes Scrap Theft Fraudulent Financial Reporting Misleading Revenue Bookings Employee Theft Corruption Inappropriate Use of Customer Data Concealed Liabilities Ghost Employees Bribery Kickbacks Conflicts of Interest Fictitious Revenues Fraudulent Invoicing Misdirection of Funds 2 2009 Protiviti S.r.l. Confidential Inventory Theft
Necessary Conditions for Fraud Exist in Today s s Economic Environment Increased pressure of what job loss would mean to family and its finances; Perceived opportunity to commit fraud given the lack of proper segregation of duties and other controls at the company after recent layoffs or cut-backs; and Can more easily rationalize committing fraud based on perception, right or wrong, of company management s attitude towards the company s circumstances in today s market. The Fraud Triangle Rationalization Incentive / Pressure Opportunity 3 2009 Protiviti S.r.l. Confidential
Occupational Fraud: A Study of the Impact of An Economic Recession Association of Certified Fraud Examiners (2009) 1. Level of fraud has increased since beginning of economic crisis. 2. Current increase in fraud stems from intense pressure faced by so many individuals. 3. Employees pose greatest threat to organizational resources in current economy. 4. Fraud levels expected to continue rising. 5. Organizations need to take seriously the threat posed by employees. 6. Fraud thrives in times of economic turmoil. 7. Even while facing budget reductions, companies have not cut spending on fraud-related controls. 8. Layoffs are pervasive and are leaving holes in organizations internal control systems. 4 2009 Protiviti S.r.l. Confidential
Emerging and developing economies Advanced economies Emerging and developing economies (not least developed) Emerging and developing economies (least developed) Obtained from: Transparency International 5 2009 Protiviti S.r.l. Confidential
Context of corruption drivers In developing countries, it is still frequently assumed that: Corruption is a natural ingredient for business success Standards of accountability are low Inappropriate corporate ethics standards are applied Corporate business ethics programs are ad-hoc Environment of illegal enrichment 6 2009 Protiviti S.r.l. Confidential
Context of corruption drivers (cont d) Contributing factors may include: Labor policies and practices Dictatorships Bribery of government officials Environmental pollution Disregard for rights of indigenous populations Sweatshops Inflation Poverty 7 2009 Protiviti S.r.l. Confidential
Perceived needs in developing countries Ethics and anti-corruption policy guidelines Confidential whistleblower or other reporting mechanisms Training on how to handle and report concerns / complaints High and solid standards of accountability Zero tolerance for inappropriate conduct Commitment of reciprocal trust between employees, executives and employers Multi-cultural awareness programs 8 2009 Protiviti S.r.l. Confidential
Corruption risk: What you need to know NOW! 33 enforcement actions in 2008 Increase in number of new investigations by the Department of Justice ( DOJ ) and/or Securities Exchange Commission ( SEC ) At least 100 investigations currently pending Escalation in penalties and disgorgements Corruption Coordinated enforcement actions by DOJ, SEC and German Authorities resulted in penalties of $1.6 billion Settlement between Halliburton and DOJ resulted in $382 million in fines to DOJ and $177 million in disgorgement to SEC. Willbros. settlement resulted in $22 million of fines and $10.3 million of disgorgement 9 2009 Protiviti S.r.l. Confidential
Corruption risk: What you need to know NOW! Increased number of actions against individual executives Former officer and director of a Halliburton subsidiary pleaded guilty to foreign bribery and kickback charges Appointment of monitors Greater coordination between U.S. and foreign authorities Introduction of S.331, "a bill to increase the number of federal law enforcement officials investigating and prosecuting financial fraud." Compliance with Federal Sentencing Guidelines, Chapter 8.B2.1, Effective Compliance and Ethics Programs SOX compliance activities related to FCPA and anticorruption controls Corruption 10 2009 Protiviti S.r.l. Confidential
What is the Foreign Corrupt Practices Act? An anti-bribery statute Federal statute passed by Congress in 1977 after many American companies admitted to making questionable or illegal payments to foreign officials. Its purpose is to prohibit bribery of foreign government officials for the purpose of obtaining or retaining business DOJ and SEC have jurisdiction; either or both may investigate and charge 11 2009 Protiviti S.r.l. Confidential
International Agreements Relating to Bribery of Foreign Officials United Nations UN Convention Against Corruption (UNCAC) Organization of American States Inter-American Convention Against Corruption Organization For Economic Cooperation and Development (OECD) Convention on Combating Bribery of Foreign Public Officials In International Business Transactions Council of Europe (COE) Criminal Law Convention on Corruption Group of States Against Corruption (GRECO) Agreement 12 2009 Protiviti S.r.l. Confidential
13 2009 Protiviti S.r.l. Confidential
Overview of Requirements The FCPA imposes requirements on companies with listed securities in the U.S.: The anti-bribery provision makes it illegal to make payments with a corrupt motive to foreign officials for the purpose of influencing the official in order to assist in obtaining or retaining business. The books and records provision requires companies to maintain records that accurately reflect transactions and the nature and quantity of corporate assets and liabilities. 14 2009 Protiviti S.r.l. Confidential
FCPA Anti-Bribery Provisions FCPA makes it a civil and criminal offense for: anyone subject to U.S. jurisdiction to do some act in furtherance of an offer, promise, gift or authorization of the giving of anything of value Corruptly to a non-u.s. official directly or indirectly to obtain or retain business or secure another improper business advantage 15 2009 Protiviti S.r.l. Confidential
FCPA Books and Records Requirements FCPA requires issuers to make and keep books, records, and accounts, which, in reasonable detail, accurately and fairly reflect the transactions and dispositions of the assets of the issuer. According to the SEC, the documentation must record not only the terms of the transaction but also any other information needed to alert the reviewer to possible impropriety or illegality. FCPA also requires all issuers to create and maintain accounting controls to provide reasonable assurance that: Transactions are executed in accordance with management s authorization; Transactions are recorded as necessary to permit the preparation of financial statements in accordance with GAAP and to maintain accountability for assets; Access to assets is permitted only in accordance with management s authorization; and The recorded accountability for assets is compared to existing assets at reasonable intervals and appropriate action is taken if there are any differences. 16 2009 Protiviti S.r.l. Confidential
Who s s Covered? Publicly traded or privately held companies Individual U.S. citizens, residents and nationals Businesses organized in the United States (including overseas branches) Officers, directors, employees, agents and stockholders acting on behalf of such businesses Businesses organized outside the U.S. with principal place of business in the U.S. Non-U.S. issuers of U.S. securities Officers, directors, employees, agents and stockholders of issuers, acting on their behalf Any other individual or foreign company while in the U.S. [or causing an act to be done in the U.S.] 17 2009 Protiviti S.r.l. Confidential
Who is a Foreign Official? DOJ and SEC have determined the following persons to be foreign officials: Officials of a government-owned bank in Argentina The director of a regional health fund in Poland Physicians and laboratory employees at government-owned hospitals in China and in Taiwan, Mexico, Luxembourg and France The president, the prime minister and the oil minister of Kazakhstan Officials of the National Petroleum Investment Management Service of Nigeria Engineers employed by the state oil company in Angola A captain in the Niger Air Force 18 2009 Protiviti S.r.l. Confidential
Who is a Foreign Official? (cont d) Customs officials in Haiti and Columbia Officials of the State Oil Company of Azerbaijan An Indonesian tax official Airport officials in China, the Philippines and Thailand A member of the Nicaraguan legislature A senior official of the Indonesian Ministry of Environment Sovereign Wealth Funds? 19 2009 Protiviti S.r.l. Confidential
Penalties for Violations Anti-Bribery Provision Companies criminal fines up to $2 million, civil penalties up to $10 million, per violation Individuals fines up to $250,000 plus up to five years in prison Disgorgement - pay back profits from costs avoided by the illegal activity Lose eligibility for government contracts or programs Appointment of independent monitor Disruption or suspension of export privileges Other injunctive relief Books and Records Provision Companies criminal fines up to $25 million per violation for willful violations Individuals fines up to $2 million plus up to 20 years in prison for willful violations Disgorgement - pay back up to twice the amount of any profits from the illegal activity Bar from serving as officer or director of any public company Bar from practicing before the Commission (attorneys, CPAs) Other injunctive relief 20 2009 Protiviti S.r.l. Confidential
Key Components: FCPA Compliance Program Help-line for questions and guidance Whistleblower program, i.e., confidential means of reporting concerns or problems Accountability and responsibility for program assigned to a member of senior management Code of ethics/conduct Current Simple English - easily understood Effectively communicated, disseminated and reinforced Specific FCPA or other anti-bribery policies Protocols and procedures to ensure compliance with code of ethics/conduct or other related policies Reporting mechanisms Training: employees, agents and JV partners Certification by employees and agents Monitoring implementation and controls 21 2009 Protiviti S.r.l. Confidential Risk assessment considerations FCPA risk incorporated into company s risk and control evaluation activities Training and awareness programs Active and periodic communication with employees, business partners Knowledgeable and active oversight by Board Effective and heightened due diligence In-depth background checks of employees, new business partners (alliance, JV s, etc.) Updated background checks of existing employees, business partners FCPA clauses included in new vendor contracts, as well as renewals Vendor right-to-audit clauses On-going monitoring and auditing activities Disciplinary, prosecution and recovery guidelines Self-reporting to government agencies / law enforcement
FCPA Compliance Audits: Red Flags Rumors regarding unethical or suspicious conduct by an employee, marketing representative, consultant or other business partners Unnecessary third parties or multiple intermediaries Request for payment to a third party rather than the consultant Requests for payment in a third country Business in a country with bribery problems Requests for payment in cash Requests for excessive commissions or other payments Political and charitable contributions Requests for reimbursement of expenses that are poorly documented Incomplete or inaccurate information in required disclosure Refusal to certify compliance 22 2009 Protiviti S.r.l. Confidential
New and Revised IIA Standards Related to Fraud Risk Released by IIA in January 2009 23 2009 Protiviti S.r.l. Confidential
Fraud Risk Management 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. A. Fraud Risk Assessment Understand fraud risk and specific risks that directly or indirectly impact organization Structured and tailored to organization s size, complexity, industry and goals Performed and updated periodically Integrated within overall organizational risk assessment; or Conducted on stand-alone basis Create fraud risk assessment team Components include (but are not limited to): Risk identification Risk likelihood (inherent) Significance assessment (inherent) Risk response (residual) 24 2009 Protiviti S.r.l. Confidential
Fraud Risk Management (cont d) 2120.A2 The internal audit activity must evaluate the potential for the occurrence of fraud and how the organization manages fraud risk. B. Fraud Risk Management Evaluation Assess fraud risk management program, including (but not limited to): Roles and responsibilities Fraud control policy Commitment of Board and management Ongoing fraud awareness program Affirmation process Conflicts disclosure Fraud risk assessment Reporting procedures Whistleblower protections Investigation process Corrective action (i.e., remediation ) Process evaluation and improvement ( quality assurance ) Continuous monitoring 25 2009 Protiviti S.r.l. Confidential
Fraud Risk: Proficiency of Internal Auditors 1210.A2 Internal auditors must have sufficient knowledge to evaluate the risk of fraud and the manner in which it is managed by the organization, but are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud. Must instead of should Focus on fraud risk assessment Additional component includes evaluation of fraud risk management 26 2009 Protiviti S.r.l. Confidential
Principles of Fraud Risk Management Based upon Managing the Business Risk of Fraud: A Practical Guide Released by IIA, AICPA and ACFE - July 2008 27 2009 Protiviti S.r.l. Confidential
Principles of Fraud Risk Management Principle 1: As part of an organization s governance structure, a fraud risk management program should be in place, including a written policy (or policies) to convey the expectations of the board of directors and senior management regarding fraud risk. Principle 2: Fraud risk exposure should be assessed periodically by the organization to identify specific potential schemes and events that the organization needs to mitigate. Principle 3: Prevention techniques to avoid potential key fraud risk events should be established, where feasible, to mitigate potential impacts on the organization. Principle 4: Detection techniques should be established to uncover fraud events when preventive measures fail or unmitigated risks are realized. Principle 5: A reporting process should be in place to solicit input on potential fraud, and a coordinated approach to investigation and corrective action should be used to help ensure potential fraud is addressed appropriately and timely. 28 2009 Protiviti S.r.l. Confidential
29 2009 Protiviti S.r.l. Confidential